Abstract
In this digital age, personal data is more valuable than an actual human being. It corresponds to a person’s daily internet activity. Open-source intelligence can be used to collect data in a variety of ways, which is later put to use for social engineering attacks. The purpose of this paper is to assess the level of data that is freely available online and its potential consequences for personal privacy. This paper discusses the use of machine learning algorithms and tools for automating email phishing attacks. The personal data of the victim is gathered from open-source websites in order to analyze their online activity. This information is then analyzed in an attempt to learn more about the victim’s interests and a relevant email template is created based on this information. The machine learning algorithm is then provided with the constructed template, which predicts how successful a phishing attack would be if launched. This paper uses a machine learning algorithm that is composed of support vector machines (SVM) and logistic regression (LR). This hybrid algorithm, which is a combination of SVM and logistic regression, achieves a peak accuracy of 99.69% when compared to using only one type of classification method, such as SVM or LR. The purpose of this paper is to increase the effectiveness of phishing attacks by automating the data extraction process and to analyse the success rate of attack using machine learning before launching it. This paper will serve the interests of institutions/companies by providing a convenient way to conduct automatic phishing as part of Cyber-Security training to educate employees, giving them a practical experience of social engineering attack.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Alsariera, Y.A., Adeyemo, V.E., Balogun, A.O., Alazzawi, A.K.: AI meta-learners and extra-trees algorithm for the detection of phishing websites. IEEE Access 8, 142532–142542 (2020). https://doi.org/10.1109/ACCESS.2020.3013699
Peng, T., Harris, I., Sawa, Y.: Detecting phishing attacks using natural language processing and machine learning. In: 2018 IEEE 12th International Conference on Semantic Computing (ICSC), pp. 300–301 (2018). https://doi.org/10.1109/ICSC.2018.00056
Lee, J., Lee, Y., Lee, D., Kwon, H., Shin, D.: Classification of attack types and analysis of attack methods for profiling phishing mail attack groups. IEEE Access 9, 80866–80872 (2021). https://doi.org/10.1109/ACCESS.2021.3084897
Feng, J., Zou, L., Ye, O., Han, J.: Web2Vec: phishing webpage detection method based on multidimensional features driven by deep learning. IEEE Access 8, 221214–221224 (2020). https://doi.org/10.1109/ACCESS.2020.3043188
Kunju, M.V., Dainel, E., Anthony, H.C., Bhelwa, S.: Evaluation of phishing techniques based on machine learning. In: International Conference on Intelligent Computing and Control Systems (ICCS), pp. 963–968 (2019). https://doi.org/10.1109/ICCS45141.2019.9065639
Khonji, M., Iraqi, Y., Jones, A.: Phishing detection: a literature survey. IEEE Commun. Surv. Tutorials 15(4), 2091–2121 (2013). https://doi.org/10.1109/SURV.2013.032213.00009
Baig, M.S., Ahmed, F., Memon, A.M.: Spear-phishing campaigns: link vulnerability leads to phishing attacks, spear-phishing electronic/UAV communication-scam targeted. In: 2021 4th International Conference on Computing & Information Sciences (ICCIS), pp. 1–6 (2021). https://doi.org/10.1109/ICCIS54243.2021.9676394
Salloum, S., Gaber, T., Vadera, S., Shaalan, K.: A systematic literature review on phishing email detection using natural language processing techniques. IEEE Access 10, 65703–65727 (2022). https://doi.org/10.1109/ACCESS.2022.3183083
Asiri, S., Xiao, Y., Alzahrani, S., Li, S., Li, T.: A survey of intelligent detection designs of HTML URL phishing attacks. IEEE Access 11, 6421–6443 (2023). https://doi.org/10.1109/ACCESS.2023.3237798
Geng, G.-G., Yan, Z.-W., Zeng, Y., Jin, X.-B.: RRPhish: anti-phishing via mining brand resources request. In: 2018 IEEE International Conference on Consumer Electronics (ICCE), Las Vegas, NV, USA, pp. 1–2 (2018). https://doi.org/10.1109/ICCE.2018.8326085
Nathezhtha, T., Sangeetha, D., Vaidehi, V.: WC-PAD: web crawling based phishing attack detection. In: 2019 International Carnahan Conference on Security Technology (ICCST), Chennai, India, pp. 1–6 (2019). https://doi.org/10.1109/CCST.2019.8888416
Sushma, K., Jayalakshmi, M., Guha, T.: Deep learning for phishing website detection. In: 2022 IEEE 2nd Mysore Sub Section International Conference (MysuruCon), Mysuru, India, pp. 1-6 (2022). https://doi.org/10.1109/MysuruCon55714.2022.9972621
Shah, R.K., Hasan, M.K., Islam, S., Khan, A., Ghazal, T.M., Khan, A.N.: Detect phishing website by fuzzy multi-criteria decision making. In: 2022 1st International Conference on AI in Cybersecurity (ICAIC), Victoria, TX, USA, pp. 1–8 (2022). https://doi.org/10.1109/ICAIC53980.2022.9897036
Rose, M.A.S.R, Basir, N., Heng, N.F.N.R., Zaizi, N.J.M., Saudi, M.M.: Phishing detection and prevention using chrome extension, 2022 10th International Symposium on Digital Forensics and Security (ISDFS), Istanbul, Turkey, pp. 1-6 (2022). https://doi.org/10.1109/ISDFS55398.2022.9800826
Ansari, M.F., Panigrahi, A., Jakka, G., Pati, A., Bhattacharya, K.: Prevention of phishing attacks using AI algorithm. In: 2022 2nd Odisha International Conference on Electrical Power Engineering, Communication and Computing Technology (ODICON), Bhubaneswar, India, pp. 1–5 (2022). https://doi.org/10.1109/ODICON54453.2022.10010185
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Hegde, A.M., Kumar, S.B., Bhuvantej, R., Vyshak, R., Sarasvathi, V. (2023). Spear Phishing Using Machine Learning. In: Singh, M., Tyagi, V., Gupta, P., Flusser, J., Ören, T. (eds) Advances in Computing and Data Sciences. ICACDS 2023. Communications in Computer and Information Science, vol 1848. Springer, Cham. https://doi.org/10.1007/978-3-031-37940-6_43
Download citation
DOI: https://doi.org/10.1007/978-3-031-37940-6_43
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-37939-0
Online ISBN: 978-3-031-37940-6
eBook Packages: Computer ScienceComputer Science (R0)